Security audit

Vehicle Os

Security checks across malware telemetry and agentic risk

Overview

This is a local vehicle-maintenance tracker that stores vehicle records, but its behavior is disclosed, purpose-aligned, and does not show code execution, credential use, network access, or hidden data transfer.

Install only if you are comfortable keeping vehicle and ownership records in a local vehicle-data.json file. Avoid storing full VINs, plate numbers, policy details, or loan/payment details unless you need them, and periodically review or remove saved records you no longer want retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The invocation guidance is broad enough to activate on many ordinary mentions of cars, repairs, or maintenance, which can cause the skill to engage when the user did not explicitly intend to store or manage vehicle data. In a skill that reads and writes persistent records, over-triggering increases the chance of collecting sensitive vehicle, insurance, registration, and service information without clear user intent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill persistently stores detailed vehicle and administrative data, including VIN, plate, insurance, mechanic, and maintenance history, but does not present any user-facing notice about retention, sensitivity, or consent. This is risky because these records can reveal identity, location, ownership patterns, and other sensitive personal details, especially if the skill is triggered implicitly.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The eval explicitly expects the skill to write to vehicle-data.json, which implies persistent modification of user data without any mention of notice, confirmation, or consent. In an agent context, silent writes can lead to unintended data creation or overwriting, and the vehicle-maintenance domain does not require hidden persistence to satisfy the user’s immediate request.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.